Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1	2025-01-30 19:07	LauncherLoader.exe 7ed622a78bd8afc3c3891379febcf640 Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Creates executable files unpack itself	6 Keyword trend analysis Info http://www.newkey.co.kr/version/pos.php http://www.newkey.co.kr/cab/NewkeyManager.ini http://www.newkey.co.kr/cab/NewkeyLauncher.exe http://www.newkey.co.kr/version/?app_name=NewkeyLauncher.exe http://www.newkey.co.kr/version/?app_name=LauncherLoader.exe http://www.newkey.co.kr/cab/LauncherLoader.exe	2			4.8		47	ZeroCERT

2	2025-01-03 17:58	2.exe 119a00350e1a20e1a3ea01153b91001b Malicious Library Antivirus UPX PE File PE32 OS Processor Check VirusTotal Malware PDB sandbox evasion					2.6		50	ZeroCERT

3	2024-12-30 14:16	1.exe 80c26491a66b30f8cfdc261fb96cbe26 Malicious Library Antivirus UPX PE File PE32 OS Processor Check VirusTotal Malware PDB sandbox evasion					2.4		37	ZeroCERT

4	2024-02-15 08:08	resources.dll 5d8d5a9c46e621f31d129bcd671c8c8a Emotet Gen1 Generic Malware Malicious Library UPX Antivirus PE32 PE File DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Windows Browser Email ComputerName RCE DNS Cryptographic key Software		4			15.6	M	12	ZeroCERT

5	2024-02-15 08:06	resources.dll 6c072be39ed9066026637c0b74e74047 Emotet Gen1 Generic Malware Malicious Library UPX Antivirus PE32 PE File DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Interception Windows Browser Email ComputerName RCE DNS Cryptographic key Software		3			15.4	M	6	ZeroCERT

6	2024-02-15 08:05	resources.dll e758e07113016aca55d9eda2b0ffeebe Emotet Gen1 Generic Malware Malicious Library UPX Antivirus PE32 PE File DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Collect installed applications powershell.exe wrote suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Windows Browser Email ComputerName RCE DNS Cryptographic key Software		3			15.4	M	8	ZeroCERT

7	2024-01-12 08:00	dwm2.exe cdb5da91ed9624691148563d0c234e06 Malicious Library Antivirus UPX PE32 PE File OS Processor Check VirusTotal Malware PDB					2.2		42	ZeroCERT

8	2022-10-03 09:37	UCUNO7W9hMYe 925bd0fe97f5dfd06ba90e824edcc312 UPX ASPack PE32 PE File Browser Info Stealer VirusTotal Malware AutoRuns Malicious Traffic Check memory Interception Windows Browser RCE DNS	2 Keyword trend analysis Info http://103.106.202.174/seemorebty/il.php?e=UCUNO7W9hMYe https://www.facebook.com/%3Cbr%20/%3E%0A%3Cb%3EDeprecated%3C/b%3E:%20%20mysql_pconnect():%20The%20mysql%20extension%20is%20deprecated%20and%20will%20be%20removed%20in%20the%20future:%20use%20mysqli%20or%20PDO%20instead%20in%20%3Cb%3E/www/wwwroot/103.106.202.174/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_pconnect():%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%20in%20%3Cb%3E/www/wwwroot/103.106.202.174/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E47%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20mysql_query()%20expects%20parameter%202%20to%20be%20resource,%20boolean%20given%20in%20%3Cb%3E/www/wwwroot/103.106.202.174/seemorebty/includes/database.php%3C/b%3E%20on%20line%20%3Cb%3E73%3C/b%3E%0A%3Cbr%20/%3E%0A%3Cfont%20color=%22%23000000%22%3E%0A%3Cb%3E1045%20-%20Access%20denied%20for%20user%20'dbnew01'@'localhost'%20(using%20password:%20YES)%3Cbr%3E%0A%3Cbr%3Eselect%20iplogger%20from%20t_channels%20where%20name='UCUNO7W9hMYe'%20limit%200,1%3Cbr%3E%0A%3Cbr%3E%0A%3Csmall%3E%0A%3Cfont%20color=%22%23ff0000%22%3E%5BTEP%20STOP%5D%3C/font%3E%0A%3C/small%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3C/b%3E%0A%3C/font%3E	3			5.4	M	20	ZeroCERT

9	2022-03-25 10:19	듐乖섬.exe 156b4f5c31201bc945b2b3ceb95e0c5a VMProtect Malicious Library PE File PE32 VirusTotal Malware unpack itself Detects VMWare VMware crashed					3.2		18	ZeroCERT

10	2022-03-10 14:48	lilay.exe 569af9ea74e24bcf9ea8895c54748a04 Emotet Gen2 UPX ASPack Malicious Library Http API ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check PE64 Browser Info Stealer VirusTotal Malware Code Injection Malicious Traffic Check memory Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs AntiVM_Disk sandbox evasion IP Check VM Disk Size Check Tofsee Interception Windows Browser RCE DNS	6 Keyword trend analysis Info http://tg8.cllgxx.com/hp8/g1/rtst1077.exe http://ip-api.com/json/ http://152.32.228.19/seemorebty/il.php?e=lilay http://www.hhiuew33.com/check/safe - rule_id: 11425 http://www.hhiuew33.com/check/?sid=148941&key=d2db8d8d44195e3a53684d6c389c80e1 - rule_id: 10935 http://152.32.228.19/seemorebty/poe.php?e=lilay	11 Info www.hhiuew33.com(45.136.151.102) - mailcious ip-api.com(208.95.112.1) tg8.cllgxx.com(85.209.157.230) - malware solucionessegura.com(46.17.175.78) iplogger.org(148.251.234.83) - mailcious 148.251.234.83 46.17.175.78 152.32.228.19 208.95.112.1 85.209.157.230 - malware 45.136.151.102 - mailcious	7 Info ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA TLS invalid record type SURICATA TLS invalid record/traffic ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) ET POLICY PE EXE or DLL Windows file download HTTP ET POLICY External IP Lookup ip-api.com	2	11.8	M	45	ZeroCERT

11	2021-11-23 09:45	robert.png 65a43f945729062784e3ca1edb043a20 UPX PE File OS Processor Check PE32 RCE					0.8			ZeroCERT

12	2021-11-23 07:56	robert.png 65a43f945729062784e3ca1edb043a20 UPX PE File OS Processor Check PE32 RCE					0.8			ZeroCERT

13	2021-11-19 11:29	supremecode.ttfgh 6415be25e090305e57cc0777d65effab UPX PE File OS Processor Check PE32 VirusTotal Malware RCE					1.6		23	ZeroCERT

14	2021-11-19 08:01	bird.png 31123eebb209289d005e3e07b272cd7f UPX PE File OS Processor Check PE32 RCE					0.8			ZeroCERT

15	2021-11-19 07:38	bird.png e94a7d335b6c55a000bd6f4fa16e31e9 UPX PE File OS Processor Check PE32 RCE					0.8			ZeroCERT